OWASP 2025 Global AppSec EU

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

Download the complete training outline: AI Whiteboard Hacking Training Details

Testimonial: "After years evaluating security trainings at Black Hat, including Toreon's Whiteboard Hacking sessions, I can say this AI threat modeling course stands out. The hands-on approach and flow are exceptional - it's a must-attend."
- Daniel Cuthbert, Global Head of Cyber Security Research, Black Hat Review Board Member

In today's rapidly evolving AI landscape, security threats like prompt injection and data poisoning pose significant risks to AI systems. Our 3-day AI Whiteboard Hacking training equips you with practical skills to identify, assess, and mitigate AI-specific security threats using our proven DICE methodology. Through hands-on exercises and real-world scenarios, you'll learn to build secure AI systems while ensuring compliance with regulations like the EU AI Act.

The training concludes with an engaging red team/blue team wargame where you'll put theory into practice by attacking and defending a rogue AI research assistant. Upon completion, you'll earn the AI Threat Modeling Practitioner Certificate and gain access to a year-long subscription featuring quarterly masterclasses, expert Q&A sessions, and continuously updated resources.

Led by Sebastien Deleersnyder, co-founder and CTO of Toreon, and Black Hat trainer, this training combines technical expertise with practical insights gained from real-world projects across government, finance, healthcare, and technology sectors.

Quick Overview:
·       Target Audience: AI Engineers, Software Engineers, Solution Architects, Security Professionals
·       Prerequisites: Basic understanding of AI concepts (pre-training materials provided)
·       Certification: AI Threat Modeling Practitioner Certificate
·       Bonus: 1-year AI Threat Modeling Subscription included

Our lineup of the hands-on exercises from the training that let you put AI security concepts into practice:
Day 1: Foundations & Methodology
· "AI Security Headlines from the Future" - Explore potential security scenarios
· "Diagramming the AI Assistant Infrastructure" - Map out real AI system components
· "Identification of STRIDE-AI threats for UrbanFlow" - Apply threat modeling to urban systems
· "Autonomous Vehicle System Attack Tree Analysis" - Build attack scenarios

Day 2: Implementation & Defense
· "The Curious Chatbot Challenge (Injection)" - Hands-on prompt injection threats
· "Applying OWASP AI Exchange on a RAG-powered CareBot" - Real-world threat library application
· "AI Security Architecture Building Blocks Workshop" - Design secure AI systems
· "AI Risk Assessment: Autonomous Healthcare Robots" - Evaluate real-world AI risks

Day 3: Advanced Concepts & Practical Application
· "Ethics in Action - The FairCredit AI Incident" - Navigate ethical AI challenges
· "Data minimization and secure data handling for AI agents" - Implement privacy-by-design
· "Mapping attacks and controls in an MLOps pipeline" - Secure the AI development lifecycle
· "Project Prometheus: The Rogue AI Research Assistant" - Red Team/Blue Team wargame finale

Download the complete training outline: AI Whiteboard Hacking Training Details

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

Core Modules
00-00 Intro to App Security
00-01 Input Validation Basics
00-02 HTTP Security Basics
00-03 SOP and CORS
00-04 API and REST Security
00-05 Microservice Security
00-06 JSON Web Tokens
00-07 SQL and Other Injections
00-08 Cross-Site Request Forgery - CSRF Defenses for Various Architectures
00-09 File Upload and File I/O Security - Secure File Upload, File I/O Security
00-10 Deserialization Security - Safe Deserialization Practices
00-11 Artificial Intelligence Security - Securing AI Implementations, Full Course
00-12 Third-Party Library Security Management - Ensuring Third-Party Library Security
00-13 Introduction to Cloud Security - Basics of Cloud Security Management
00-14 Intro to iOS and Android Security - Mobile Security Fundamentals

Standards
01-00 OWASP Top Ten - Top Ten Web Security Risks
01-01 Intro to GDPR - European Data Privacy Law
01-02 OWASP ASVS - Comprehensive Secure Coding Standard
01-03 OWASP Top Ten Proactive Controls - Web Security Defense Categories
01-04 PCI Secure SDLC Standard - Credit Card SDLC Requirements

User Interface Security
02-00 XSS Defense - Client-Side Web Security
02-01 Content Security Policy - Advanced Client-Side Web Security
02-02 Content Spoofing and HTML Hacking - HTML Client-Side Injection Attacks
02-03 React Security - Secure React Application Development
02-04 Vue.js Security - Secure Vue.js Application Development
02-05 Angular and AngularJS Security - Secure Angular App Development
02-06 Clickjacking - UI Redress Attack Defense

Identity & Access Management
03-01 Authentication Best Practices - Web Authentication Practices
03-02 Session Management Best Practices - Web Session Management Practices
03-03 Multi-Factor Authentication - NIST SP-800-63 Compliant MFA Implementation
03-04 Secure Password Policy and Storage - Secure User Password Policy and Storage
03-05 Access Control Design - ABAC/Capabilities-Based Access Control
03-06 OAuth2 Security - OAuth2 Authorization Protocol
03-07 OpenID Connect Security - OpenID Connect Federation Protocol

Crypto Modules
04-00 Secrets Management - Key and Credential Storage Strategies
04-01 HTTPS/TLS Best Practices - Transport Security Introduction
04-02 Cryptography Fundamentals - Part 1 - Terminology, Steganography, Attacks, Kerchoff's Principle, PFC
04-03 Cryptography Fundamentals - Part 2 - Hash Functions, Symmetric Cryptography, Randomness, Digital Signatures

Process
05-00 DevOps Best Practices - DevOps and DevSecOps with a CD/CI Focus
05-01 Secure SDLC and AppSec Management - Managing Secure Software Processes

Additional Topics
06-00 User and Helpdesk Awareness Training - Security Awareness for Non-Technical Staff
06-01 Social Engineering for Developers - Developer Protection Against Social Engineering
06-02 App Layer Intrusion Detection - Detecting App Layer Attacks
06-03 Threat Modeling Fundamentals - Security Design via Threat Modeling
06-04 Forms and Workflows Security - Secure Handling of Complex Forms
06-05 Java 8/9/10/11/12/13+ Security Controls - Java Security Advances
06-06 Logging and Monitoring Security - Security-Focused Logging
06-07 Subdomain Takeover - Preventing Subdomain Takeover Scenarios
06-08 Laravel and PHP Security - Focus on PHP Security

Lab Options
07-00 Competitive Web Hacking LABS - Hands-on Web Hacking Labs
07-01 Competitive API Hacking LABS - Hands-on API Hacking Labs
07-02 Secure Coding Knowledge LABS - Hands-on Secure Coding Labs

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

You bought the application security tools, you have the findings, but now what? Many organisations find themselves drowning in "possible vulnerabilities", struggling to streamline their processes and not sure how to measure their progress.

If you are involved in using SAST, DAST or SCA tools in your organisation, these may be familiar feelings to you.

In this course, which is being refreshed and updated for 2025, you will learn how to address these problems and more (in a vendor-neutral way)

For 2025, we are putting a particular emphasis on practicality and activities which bring value with topics including the following:

• Customising the tools to focus on your needs
• Building tool processes which fit your business
• Automating workflows using CI/CD without slowing it down
• Showing the value and improvements you are making
• Finding ways to scale triage to cut down noise
• Focusing on fixing what matters in your situation
• Advantages and disadvantages of alternative forms of remediation
• Comparison of the different tool types covered and which you may want to use in different situations.
• The use of Vulnerability Aggregation and ASPMs

To bring the course to life and let you apply what you learn, you will work in teams on table-top exercises where you design processes to cover specific scenarios, explain and justify your decisions to simulated stakeholders and practice prioritising your remediation efforts.

For these exercises, you will work based on specially designed process templates (which we will provide) which you can use afterwards to apply these improvements within your own organisation.

Be ready to work in a group, take part in discussions and present your findings and leave the course with clear strategies and ideas on how to get less stress and more value from these tools.

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

Download the complete training outline: AI Whiteboard Hacking Training Details

Testimonial: "After years evaluating security trainings at Black Hat, including Toreon's Whiteboard Hacking sessions, I can say this AI threat modeling course stands out. The hands-on approach and flow are exceptional - it's a must-attend."
- Daniel Cuthbert, Global Head of Cyber Security Research, Black Hat Review Board Member

In today's rapidly evolving AI landscape, security threats like prompt injection and data poisoning pose significant risks to AI systems. Our 3-day AI Whiteboard Hacking training equips you with practical skills to identify, assess, and mitigate AI-specific security threats using our proven DICE methodology. Through hands-on exercises and real-world scenarios, you'll learn to build secure AI systems while ensuring compliance with regulations like the EU AI Act.

The training concludes with an engaging red team/blue team wargame where you'll put theory into practice by attacking and defending a rogue AI research assistant. Upon completion, you'll earn the AI Threat Modeling Practitioner Certificate and gain access to a year-long subscription featuring quarterly masterclasses, expert Q&A sessions, and continuously updated resources.

Led by Sebastien Deleersnyder, co-founder and CTO of Toreon, and Black Hat trainer, this training combines technical expertise with practical insights gained from real-world projects across government, finance, healthcare, and technology sectors.

Quick Overview:
·       Target Audience: AI Engineers, Software Engineers, Solution Architects, Security Professionals
·       Prerequisites: Basic understanding of AI concepts (pre-training materials provided)
·       Certification: AI Threat Modeling Practitioner Certificate
·       Bonus: 1-year AI Threat Modeling Subscription included

Our lineup of the hands-on exercises from the training that let you put AI security concepts into practice:
Day 1: Foundations & Methodology
· "AI Security Headlines from the Future" - Explore potential security scenarios
· "Diagramming the AI Assistant Infrastructure" - Map out real AI system components
· "Identification of STRIDE-AI threats for UrbanFlow" - Apply threat modeling to urban systems
· "Autonomous Vehicle System Attack Tree Analysis" - Build attack scenarios

Day 2: Implementation & Defense
· "The Curious Chatbot Challenge (Injection)" - Hands-on prompt injection threats
· "Applying OWASP AI Exchange on a RAG-powered CareBot" - Real-world threat library application
· "AI Security Architecture Building Blocks Workshop" - Design secure AI systems
· "AI Risk Assessment: Autonomous Healthcare Robots" - Evaluate real-world AI risks

Day 3: Advanced Concepts & Practical Application
· "Ethics in Action - The FairCredit AI Incident" - Navigate ethical AI challenges
· "Data minimization and secure data handling for AI agents" - Implement privacy-by-design
· "Mapping attacks and controls in an MLOps pipeline" - Secure the AI development lifecycle
· "Project Prometheus: The Rogue AI Research Assistant" - Red Team/Blue Team wargame finale

Download the complete training outline: AI Whiteboard Hacking Training Details

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

Core Modules
00-00 Intro to App Security
00-01 Input Validation Basics
00-02 HTTP Security Basics
00-03 SOP and CORS
00-04 API and REST Security
00-05 Microservice Security
00-06 JSON Web Tokens
00-07 SQL and Other Injections
00-08 Cross-Site Request Forgery - CSRF Defenses for Various Architectures
00-09 File Upload and File I/O Security - Secure File Upload, File I/O Security
00-10 Deserialization Security - Safe Deserialization Practices
00-11 Artificial Intelligence Security - Securing AI Implementations, Full Course
00-12 Third-Party Library Security Management - Ensuring Third-Party Library Security
00-13 Introduction to Cloud Security - Basics of Cloud Security Management
00-14 Intro to iOS and Android Security - Mobile Security Fundamentals

Standards
01-00 OWASP Top Ten - Top Ten Web Security Risks
01-01 Intro to GDPR - European Data Privacy Law
01-02 OWASP ASVS - Comprehensive Secure Coding Standard
01-03 OWASP Top Ten Proactive Controls - Web Security Defense Categories
01-04 PCI Secure SDLC Standard - Credit Card SDLC Requirements

User Interface Security
02-00 XSS Defense - Client-Side Web Security
02-01 Content Security Policy - Advanced Client-Side Web Security
02-02 Content Spoofing and HTML Hacking - HTML Client-Side Injection Attacks
02-03 React Security - Secure React Application Development
02-04 Vue.js Security - Secure Vue.js Application Development
02-05 Angular and AngularJS Security - Secure Angular App Development
02-06 Clickjacking - UI Redress Attack Defense

Identity & Access Management
03-01 Authentication Best Practices - Web Authentication Practices
03-02 Session Management Best Practices - Web Session Management Practices
03-03 Multi-Factor Authentication - NIST SP-800-63 Compliant MFA Implementation
03-04 Secure Password Policy and Storage - Secure User Password Policy and Storage
03-05 Access Control Design - ABAC/Capabilities-Based Access Control
03-06 OAuth2 Security - OAuth2 Authorization Protocol
03-07 OpenID Connect Security - OpenID Connect Federation Protocol

Crypto Modules
04-00 Secrets Management - Key and Credential Storage Strategies
04-01 HTTPS/TLS Best Practices - Transport Security Introduction
04-02 Cryptography Fundamentals - Part 1 - Terminology, Steganography, Attacks, Kerchoff's Principle, PFC
04-03 Cryptography Fundamentals - Part 2 - Hash Functions, Symmetric Cryptography, Randomness, Digital Signatures

Process
05-00 DevOps Best Practices - DevOps and DevSecOps with a CD/CI Focus
05-01 Secure SDLC and AppSec Management - Managing Secure Software Processes

Additional Topics
06-00 User and Helpdesk Awareness Training - Security Awareness for Non-Technical Staff
06-01 Social Engineering for Developers - Developer Protection Against Social Engineering
06-02 App Layer Intrusion Detection - Detecting App Layer Attacks
06-03 Threat Modeling Fundamentals - Security Design via Threat Modeling
06-04 Forms and Workflows Security - Secure Handling of Complex Forms
06-05 Java 8/9/10/11/12/13+ Security Controls - Java Security Advances
06-06 Logging and Monitoring Security - Security-Focused Logging
06-07 Subdomain Takeover - Preventing Subdomain Takeover Scenarios
06-08 Laravel and PHP Security - Focus on PHP Security

Lab Options
07-00 Competitive Web Hacking LABS - Hands-on Web Hacking Labs
07-01 Competitive API Hacking LABS - Hands-on API Hacking Labs
07-02 Secure Coding Knowledge LABS - Hands-on Secure Coding Labs

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

You bought the application security tools, you have the findings, but now what? Many organisations find themselves drowning in "possible vulnerabilities", struggling to streamline their processes and not sure how to measure their progress.

If you are involved in using SAST, DAST or SCA tools in your organisation, these may be familiar feelings to you.

In this course, which is being refreshed and updated for 2025, you will learn how to address these problems and more (in a vendor-neutral way)

For 2025, we are putting a particular emphasis on practicality and activities which bring value with topics including the following:

• Customising the tools to focus on your needs
• Building tool processes which fit your business
• Automating workflows using CI/CD without slowing it down
• Showing the value and improvements you are making
• Finding ways to scale triage to cut down noise
• Focusing on fixing what matters in your situation
• Advantages and disadvantages of alternative forms of remediation
• Comparison of the different tool types covered and which you may want to use in different situations.
• The use of Vulnerability Aggregation and ASPMs

To bring the course to life and let you apply what you learn, you will work in teams on table-top exercises where you design processes to cover specific scenarios, explain and justify your decisions to simulated stakeholders and practice prioritising your remediation efforts.

For these exercises, you will work based on specially designed process templates (which we will provide) which you can use afterwards to apply these improvements within your own organisation.

Be ready to work in a group, take part in discussions and present your findings and leave the course with clear strategies and ideas on how to get less stress and more value from these tools.

To register, please purchase your training ticket here. Training and conference are two separate ticket purchases.

Download the complete training outline: AI Whiteboard Hacking Training Details

Testimonial: "After years evaluating security trainings at Black Hat, including Toreon's Whiteboard Hacking sessions, I can say this AI threat modeling course stands out. The hands-on approach and flow are exceptional - it's a must-attend."
- Daniel Cuthbert, Global Head of Cyber Security Research, Black Hat Review Board Member

In today's rapidly evolving AI landscape, security threats like prompt injection and data poisoning pose significant risks to AI systems. Our 3-day AI Whiteboard Hacking training equips you with practical skills to identify, assess, and mitigate AI-specific security threats using our proven DICE methodology. Through hands-on exercises and real-world scenarios, you'll learn to build secure AI systems while ensuring compliance with regulations like the EU AI Act.

The training concludes with an engaging red team/blue team wargame where you'll put theory into practice by attacking and defending a rogue AI research assistant. Upon completion, you'll earn the AI Threat Modeling Practitioner Certificate and gain access to a year-long subscription featuring quarterly masterclasses, expert Q&A sessions, and continuously updated resources.

Led by Sebastien Deleersnyder, co-founder and CTO of Toreon, and Black Hat trainer, this training combines technical expertise with practical insights gained from real-world projects across government, finance, healthcare, and technology sectors.

Quick Overview:
·       Target Audience: AI Engineers, Software Engineers, Solution Architects, Security Professionals
·       Prerequisites: Basic understanding of AI concepts (pre-training materials provided)
·       Certification: AI Threat Modeling Practitioner Certificate
·       Bonus: 1-year AI Threat Modeling Subscription included

Our lineup of the hands-on exercises from the training that let you put AI security concepts into practice:
Day 1: Foundations & Methodology
· "AI Security Headlines from the Future" - Explore potential security scenarios
· "Diagramming the AI Assistant Infrastructure" - Map out real AI system components
· "Identification of STRIDE-AI threats for UrbanFlow" - Apply threat modeling to urban systems
· "Autonomous Vehicle System Attack Tree Analysis" - Build attack scenarios

Day 2: Implementation & Defense
· "The Curious Chatbot Challenge (Injection)" - Hands-on prompt injection threats
· "Applying OWASP AI Exchange on a RAG-powered CareBot" - Real-world threat library application
· "AI Security Architecture Building Blocks Workshop" - Design secure AI systems
· "AI Risk Assessment: Autonomous Healthcare Robots" - Evaluate real-world AI risks

Day 3: Advanced Concepts & Practical Application
· "Ethics in Action - The FairCredit AI Incident" - Navigate ethical AI challenges
· "Data minimization and secure data handling for AI agents" - Implement privacy-by-design
· "Mapping attacks and controls in an MLOps pipeline" - Secure the AI development lifecycle
· "Project Prometheus: The Rogue AI Research Assistant" - Red Team/Blue Team wargame finale

Download the complete training outline: AI Whiteboard Hacking Training Details

Low-code and no-code (LCNC) development has transformed the way organizations build applications, enabling business users—often with little security expertise—to create powerful workflows, automations, and even AI-driven solutions. As these platforms increasingly integrate AI-powered copilots and automation tools, their adoption is skyrocketing, but so are security risks that traditional AppSec frameworks fail to address.

Recognizing this urgent gap, we established the OWASP Low-Code/No-Code Security Top 10 project to clarify the unique risks in these environments. In this session, we will share our journey—how we classified the Top 10 security risks in LCNC, what we have accomplished since the project’s inception, and how AI-driven low-code development introduces new attack vectors that security teams must prepare for.

Attendees will gain insights into:

* How LCNC security challenges have evolved, especially with the rise of AI-powered platforms.
* The OWASP Low-Code/No-Code Security Top 10, providing a much-needed framework for both citizen developers and security professionals.
* Real-world exploit scenarios, from insecure workflows and data exposure to AI-powered automation risks.
* The current state of low-code security and AI governance, key findings from our research, and what’s next for securing this fast-growing space.

As AI and low-code become inseparable in modern development, security teams must adapt quickly to prevent misuse, misconfigurations, and data exposure. This session is ideal for AppSec professionals, developers, security leaders, and platform owners looking to secure LCNC applications while enabling innovation.

Join us to explore the evolving threat landscape and gain actionable strategies to safeguard the next wave of AI-driven enterprise applications.

Practical and usable advice on how to harness the power of AI to create secure React applications by using prompt engineering best practices. We will discuss practical methods for guiding AI models to produce safe, high-quality React code that reduces common vulnerabilities, such as cross-site scripting (XSS) and injection flaws.

Attendees will learn foundational techniques for crafting precise prompts, incorporating secure coding patterns, and validating AI-generated outputs.

By the end of this session, you will be equipped with actionable steps to integrate AI-driven development into your workflow and strengthen the overall security of your React and other software projects.

Join Us in Shaping the Future of Secure Software Development

The OWASP Education and Training Committee is developing a certification program designed specifically for developers—and we need your expertise.

For the first time, this initiative will be showcased at OWASP Global AppSec EU 2025, and we’re inviting the community to help build the body of knowledge that will form the foundation of the certification curriculum.

If you're passionate about secure coding and developer education, this is your chance to contribute meaningfully to a global effort. Let’s build something that lasts—together.

In this 100% slide-free demo session you will embark on a journey through the popular OWASP Juice Shop vulnerable web application!

You will experience firsthand how easy it is to set up, get started, and solve your first hacking & coding challenges. In a quick mob-hacking session, you will gain your first points on Juice Shop's extensive score board!

The demo also includes a glimpse into Juice Shop's CTF tool and its multi-user hosting environment MultiJuicer! You will witness how fast a CTF event can be launched with OWASP Juice Shop, how great documentation really makes a difference, and even how to make
the application look like an in-house app of your own company.

Due to the nature of this small group demo session, you are welcome to ask questions during and between the different topics - ad libitum! There is time for clarification and dipping into special topics.

If time permits, this session can also cover interesting behind-the-scenes topics, such as cheat detection, start-up validations, webhook integrations, and a pro-level Grafana dashboard for observability!

Even if you know and have used OWASP Juice Shop yourself already, there's no chance you've already seen everything that will be covered in this session!

Threat modeling is a cornerstone of cybersecurity, yet it remains manual, complex, and inaccessible to many teams. While AI-powered threat modeling holds immense promise, it faces challenges such as hallucinations, lack of structured outputs, low accuracy, and limited trustworthiness.

The critical gap lies in the availability of specialized datasets. We aim to enhance LLMs’ ability to identify threats and recommend effective controls by generating open-source curated datasets of real-world threat models with the OWASP Threat Library. This session explores the transformative potential of crowdsourced data to fine-tune LLMs, driving a significant leap forward for the cybersecurity community and industry - all under the wings of an OWASP Project.

Enterprise copilots, from Microsoft Copilot to Salesforce’s Einstein, are adopted by every major enterprise. Grounded into your personal enterprise data they offer major productivity gains. But what happens when they get compromised? And how exactly can that happen?

In this talk we will see how we can turn these trusted enterprise AI assistants into our own malicious insiders within the victim organization. Spreading misinformation, tricking innocent employees into making fatal mistakes, routing users to our phishing sites, and even directly exfiltrating sensitive data!

We’ll go through the process of building these attack techniques from scratch, presenting a mental framework for how to hack any enterprise copilot, no prior experience needed. Starting from system prompt extraction techniques to crafting reliable and robust indirect prompt injections (IPIs) using our extracted system prompt. Showing a step by step process of how we arrived at each of the results we’ve mentioned above, and how you can replicate them to any enterprise copilot of your choosing.

To demonstrate the efficacy of our methods, we will use Microsoft Copilot as our guinea pig for the session, seeing how our newly found techniques manage to circumvent Microsoft’s responsible AI security layer.

Join us to explore the unique attack surface of enterprise copilots, and learn how to harden your own enterprise copilot to protect against the vulnerabilities we were able to discover.

Mobile applications are often developed in a cross-platform framework such as Flutter, React Native or Maui. These frameworks allow developers to design and implement the application once and then deploy to both Android and iOS.

While these frameworks save time during the development cycle, they pose unique challenges when securing them. In this talk, I will show you how mobile application security is a shared responsibility between the developer, the cross-platform framework and the native OS on which the application is running. Security needs to be addressed during the entire SDLC, so we will examine the impact on SAST, DAST and even manual penetration testing.

Security teams love metrics - dashboards filled with vulnerability counts, alert volumes, and training hours logged. But do any of these actually make organizations more secure? The uncomfortable truth is that most security metrics are just vanity numbers—impressive in reports but meaningless in practice.

In this talk, I will focus on the science behind meaningful security metrics—the ones that actually reduce risk instead of just filling reports. I will introduce a framework that helps define metrics based on real security goals, rather than setting goals around whatever data happens to be available. From there, I will break down what constitutes a good metric, examining its structure and the common pitfalls that undermine its validity.

If your security strategy is built on unreliable metrics, it’s time for a reality check. This talk challenges industry assumptions and provides scientific backing to the fact that many widely used security metrics in the industry only weakly correlate with actual risk.

The Software Bill of Materials (SBOM) are in the limelight as the silver bullet for many things - open source license compliance, vulnerability management, copyright management, identifying technical debt and the path towards a healthy, secure and legislation-certified happy state of a binary life. But behind all this marketing and makeup is a fairly simple syntax and a lot of missing pieces in the puzzle. Let’s dive into the SBOM lifestyle together and look at the current status, the hopes and the vision for a toolset with less hype, but more real benefits for compliance, developers, product managers, with a chance of being a workhorse in risk management as well as the automatic vulnerability management toolchain. Help us make the SBOM dream come true, listen to the talk and then walk the SBOM walk!

Organizations are transitioning in their use of OWASP SAMM. The use case evolves from an assessment model to a quality control program. Kaizen is an iterative improvement methodology popularized in the Japanese industry. As an operational philosophy it has influenced quality control systems worldwide. This talk highlights how Kaizen principles are applied in the industry by separating different streams from the OWASP SAMM model and managing each stream in a continuous improvement cycle. The talk is based on practical experience and 27 interviews with appsec program managers at a wide range of corporations on this journey. There are some recurring pitfalls in the implementation of OWASP that relate to the human aspect of change management, the pitfalls of gamification and challenges around fitting the generic framework to diverse contexts. Finally we distill from the successes and the failures of the industry the potential for Kaizen principles and OWASP SAMM to leverage participatory leadership, empowerment and intrinsic motivation. The conclusion is an optimistic picture of the future, where security is everyone's problem, jobs are meaningful and applications a little bit more secure.

The question “What is AI security?” followed by “No, not image classification, LLMs!” has become a frequent conversation for us at conferences around the world. So, we decided to answer the real question.

Having spent the last year actively trying to break LLMs as attackers and defenders, as external entities, and as insider threats, we have gathered and created many techniques to jailbreak, trick, and control LLMs, and have distilled previously complex techniques in a way everyone can understand. We will teach you how to exploit control tokens, much like when we hacked Google’s Gemini for Workspace. You will see how to get an LLM to pop a shell with an image of a seashell, and we’ll even provide the tools to automatically extract pop-culture exploits for your very own KROP gadgets. We will reveal how an insider threat could implant hidden logic or backdoors into your LLM, enabling an attacker to control outputs, change inputs, or even make the LLM refuse to say the word “OWASP”. We will enable you to take full control over their local LLMs, even demonstrating how an LLM can be fully and permanently jailbroken in minutes with a CPU rather than with dozens of hours on multiple GPUs. By the end, our audience will be able to make any LLM say whatever they want.

Join Us in Shaping the Future of Secure Software Development

The OWASP Education and Training Committee is developing a certification program designed specifically for developers—and we need your expertise.

For the first time, this initiative will be showcased at OWASP Global AppSec EU 2025, and we’re inviting the community to help build the body of knowledge that will form the foundation of the certification curriculum.

If you're passionate about secure coding and developer education, this is your chance to contribute meaningfully to a global effort. Let’s build something that lasts—together.

Formally announcing v5.0 of the Application Security Verification Standard (ASVS), the first major release in five years of one of OWASP’s flagship projects. But the project has not been sitting idle for years, it has been under development the entire time.

This talk will cover the big changes and improvements in this recently released version.

This includes:
- Defining and clarifying the scope of the ASVS, and expectations for requirements.
- Mandating documented security decisions to provide some flexibility on implementing and verifying security requirements, to match the differences between organizations and applications.
- Adding several new chapters and making important changes to existing chapters.
- Providing a two-way mapping to make it easier to migrate from v4.x to v5.
- Balancing the levels and reducing the barrier to entry into Level 1.

We will also talk about how you can use the standard more effectively in your organizations, the future plans for ASVS now that version 5.0 is out, and how you can be involved.

It’s time to move forward - start using ASVS v5.0 and come on board to develop it further.

Step into the shadowy world of AI tools and ask yourself: How secure are they? This session dives deep into the architecture of AI models, exposing their most vulnerable points. Moreover, you will learn how malicious actors can weaponize AI, turning powerful tools into threats based on an example of a ‘Malicious Copilot’ IDE plugin. It will reveal how a code-completion model can be trained to embed harmful behavior, target victims, and execute attacks. Finally, you will take home actionable strategies for organizations leveraging generative AI and LLMs, ensuring security isn’t left to chance.

“What gets measured, gets managed” is perhaps an over-simplification, but the quote has its merits. In terms of building an effective application security Program, measurement and metrics go a long way, and by collecting, observing, and presenting actionable AppSec metrics, you can bridge the gap between Security Engineering and leadership’s strategic priorities.

In this session, we will start by speaking about different types of metrics, both qualitative and quantitative, and how these metrics can be categorised to align better with frameworks defining application security Metrics as a required control.
From there, we will start to look at what metrics we should use and how they can be visualised. By visualising these metrics, we can come to conclusions around whether or not the application security program is effective and what we should do to drive improvement.

Last, but not least, we’ll talk about how the data and visualisations can support us in our communication with leadership by supporting our requests and recommendations based on data and looking at trends.

In many areas of life—application security included—what gets measured can be proven, and what gets proven can be improved.

Listen in on how a big energy company from Norway runs a Security Champion Network with 250+ members! Ever wondered about the struggles of managing a 3-year-old network?

This light-hearted talk will give you context on:
- What the AppSec team does in Equinor.
- How our Security Champion program is structured.
- What we've learned so far.
- What challenges we've faced and how we have tried to solve them.
- Our gamification strategy.
- Key take-aways.

You will (hopefully) gain inspiration to bring home on how to run or improve your own Security Champion Network.